These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-3890 is a reflected cross-site scripting (XSS) vulnerability in BlackBerry WatchDox Server components. According to the NVD record, it affects Appliance-X version 1.8.1 and earlier, and vAPP versions 4.6.0 through 5.4.1. A remote attacker can induce a user to click a malicious link, causing script to run in the context of the affected browser.
CVE-2016-3130 is a high-severity information disclosure issue affecting BlackBerry Enterprise Server (BES) 12 through 12.5.2. According to the CVE record, an attacker able to sniff traffic between the Core and Management Console during a login attempt could obtain local or domain credentials for an administrator or user account. Because the issue involves credential exposure, affected organizations should [truncated]
CVE-2016-3128 is a spoofing vulnerability in the core of BlackBerry Enterprise Server (BES) 12 through 12.5.2. According to the CVE record, a remote attacker could use information tied to a legitimately enrolled device to enroll an illegitimate device, access device parameters for the BES, or send false information to the BES. NVD lists the issue as CVSS 3.0 8.2 (HIGH) with network attack vector, no privi [truncated]